Doy- forget the session cookie function!  Added secure cookie config check there too.
diff --git a/system/libraries/Security.php b/system/libraries/Security.php
index 018001a..a73b8e1 100644
--- a/system/libraries/Security.php
+++ b/system/libraries/Security.php
@@ -112,8 +112,9 @@
 	function csrf_set_cookie()
 	{
 		$expire = time() + $this->csrf_expire;
+		$secure_cookie = (config_item('cookie_secure') === TRUE) ? 1 : 0;
 
-		setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), 0);
+		setcookie($this->csrf_cookie_name, $this->csrf_hash, $expire, config_item('cookie_path'), config_item('cookie_domain'), $secure_cookie);
 
 		log_message('debug', "CRSF cookie Set");
 	}